<?php
	session_start();

	// Visitors without a login session are pointed at the site index.
	// NOTE(review): header() only queues the redirect and nothing here stops
	// the script, so everything below still runs for such a visitor. The
	// write paths further down (delete, insert, update) are therefore only
	// protected if they check the session themselves. Adding exit here would
	// also stop guestbook submissions from visitors without a login, which
	// the "anonymous" author fallback suggests are intended - confirm before
	// changing.
	if (isset($_SESSION['sesi_login']) === false) {
		header("Location:../../index.php");
	}
	
	// Bootstrap: move the working directory two levels up and load the engine,
	// database connection, helpers and language files. The order matters,
	// because each included file runs in this scope and later lines use what
	// earlier ones set up.
	// "@" hides a chdir() failure; ABS_URL would then be the script's own
	// directory and the require calls below would fail instead.
	@chdir("../../");
	// ABS_URL is the working directory with backslashes turned into slashes.
	define('ABS_URL',str_replace("\\","/",getcwd()));
	require ABS_URL.'/engine/Smarty.class.php';
	require ABS_URL."/functions/class.query.inc.php";
	$smarty = new Smarty();
	require ABS_URL."/dev_con.inc.php";
	require ABS_URL."/functions/func_file.php";
	$queryData = new queryData();
	$queryData->baseConfig();
	require ABS_URL."/functions/func_content.php";
	// NOTE(review): BASE_LANGUAGE is interpolated into two include paths.
	// It is not defined in this file - confirm it comes from configuration
	// and can never be influenced by request data.
	require ABS_URL."/langs/".BASE_LANGUAGE.'.inc.php';
	require $queryData->get_curr_dir(dirname(__FILE__))."/langs/".BASE_LANGUAGE.'.inc.php';
	
	// Prototype RECAPTCHA
	// define USE_RECAPTCHA = true to enable it
	// NOTE(review): this relative path is resolved after the chdir() above,
	// unlike the ABS_URL-based includes - confirm it reaches the intended
	// src/ directory.
	if (defined('USE_RECAPTCHA')) {
		require_once "../../src/recaptchalib.php";
	}

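	// Collect the submitted guestbook fields. A field that is missing (a
	// delete request arrives via GET and carries none of them) or that is not
	// a plain string (e.g. sent as judul[]=x) is treated as empty, so the
	// string functions below never receive null or an array.
	$gbPost = array();
	foreach (array('judul','ipaddress','isi','email','pengirim','website','idbase','publish') as $gbField) {
		$gbPost[$gbField] = (isset($_POST[$gbField]) && is_string($_POST[$gbField])) ? $_POST[$gbField] : '';
	}

	$judul = trim(strip_tags($gbPost['judul']));
	// NOTE(review): 'ipaddress' is a form field, so the client chooses its
	// value; it is not evidence of where the request came from. Confirm
	// whether $_SERVER['REMOTE_ADDR'] should be recorded instead.
	$header_c = trim($gbPost['ipaddress']);
	// All markup is removed from the comment body. The former allow-list
	// ('\n', '<br />') had no effect: '\n' is not a tag, and a second
	// unconditional strip_tags() removed every tag anyway.
	$isi = trim(strip_tags($gbPost['isi']));
	$isi = htmlspecialchars($isi);
	// NOTE(review): the 500-byte cut happens after entity encoding, so it can
	// land inside an entity such as &amp; or inside a multi-byte character.
	$isi = substr($isi,0,500);
	$author = isset($_SESSION['author']) ? strtolower((string) $_SESSION['author']) : '';
	// strip_tags() only removes markup. These values are not yet safe for SQL
	// or for an HTML attribute; every consumer must escape for its context.
	$email = strip_tags($gbPost['email']);
	$pengirim = strip_tags($gbPost['pengirim']);
	$website = strip_tags($gbPost['website']);
	$idcontent = (int) $gbPost['idbase'];
	// A numeric idbase ties the entry to one content item.
	$tipe = is_numeric($gbPost['idbase']) ? 'bukutamu-'.$idcontent : 'bukutamu';
	// Where to send the visitor afterwards: the caller-supplied "l" value or
	// the default view.
	// NOTE(review): $request is later appended to a Location header. Only
	// tags are stripped here - confirm it is limited to local paths.
	// NOTE(review): $act is not assigned earlier in this file; presumably an
	// included file sets it - confirm.
	if (isset($_GET['l']) && is_string($_GET['l']) && !empty($_GET['l'])) {
		$request = strip_tags($_GET['l']);
	} else {
		$request = '/?show='.SHOW.'&showview='.SHOWVIEW.'&act='.$act.'&limitdown=0';
	}
	// "ya" (yes) publishes the entry; anything else leaves it unpublished.
	$status = ($gbPost['publish'] === 'ya') ? 1 : 0;
	unset($gbPost, $gbField);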

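	// Dispatch the requested action: "hapus" (delete) is selected by ACT_VER,
	// "input" and "edit" by the posted act_ver field.
	//
	// Delete and edit change or remove stored entries, so they run only for a
	// logged-in session. Nothing earlier in this file stops the script when
	// the login check fails, so the check is enforced here. Guestbook "input"
	// stays reachable without a login: the CAPTCHA and the "anonymous" author
	// fallback suggest it is public - confirm.
	//
	// Every string placed in a SQL statement is escaped at the point of use,
	// because strip_tags()/htmlspecialchars() do not neutralise quotes.
	// NOTE(review): ext/mysql was removed in PHP 7. Moving to prepared
	// statements (mysqli/PDO) needs the connection code, which is opened
	// outside this file.
	$gbLoggedIn = isset($_SESSION['sesi_login']);

	if (strtolower(ACT_VER)=="hapus") {
		// NOTE(review): this delete is driven by a GET parameter and no
		// request token is checked in this file - confirm CSRF protection
		// exists elsewhere.
		if ($gbLoggedIn) {
			$kode = (isset($_GET['kode']) && is_scalar($_GET['kode'])) ? (int) $_GET['kode'] : 0;
			$sql = "DELETE FROM tbl_content WHERE idx='".$kode."'";
			$qry = mysql_query($sql);

			$_SESSION['sesi_ver'] = ($qry) ? $queryData->cekAksi($kode,'delete') : '';
		}
	} else {
		// Parallel arrays passed to NotificationCheck(): values, rule names
		// and field labels.
		$a = array($header_c,$isi);
		$b = array('empty','empty');
		$c = array($GBOOK_IPADDRESS,$GBOOK_COMMENT);
		$gbActVer = (isset($_POST['act_ver']) && is_string($_POST['act_ver'])) ? strtolower($_POST['act_ver']) : '';
		switch ($gbActVer) {
			case "input" :
				$result = $queryData->NotificationCheck($a,$b,$c);
				// Prototype RECAPTCHA
				// define USE_RECAPTCHA = true to enable it
				// NOTE(review): with USE_RECAPTCHA defined but no
				// USE_RECAPTCHA_PRIVATE_KEY, the check is skipped and the
				// post is accepted - confirm this fail-open is intended.
				if (defined('USE_RECAPTCHA')) {
					if (defined('USE_RECAPTCHA_PRIVATE_KEY')) {
						$privatekey = USE_RECAPTCHA_PRIVATE_KEY;
						// Missing CAPTCHA fields are sent as empty strings.
						$gbChallenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '';
						$gbAnswer = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : '';
						// Check the reCAPTCHA challenge against the submitted answer
						$resp = recaptcha_check_answer($privatekey,$_SERVER["REMOTE_ADDR"],$gbChallenge,$gbAnswer);
						// If not valid, send the visitor back without storing anything
						if (!$resp->is_valid) {
							header("Location:../..".$request);
							die();
						}
					}
				}
				if (empty($result)) {
					if ($author=="")
						$author = "anonymous";

					if ($judul=="")
						$judul = "bukutamu";

					$header_c = strip_tags($header_c);
					$header_c = htmlspecialchars($header_c);
					$tanggal = date("Y-m-d-H-i-s");
					// Sender details are stored as one '#'-separated string.
					// NOTE(review): a '#' inside any part shifts the fields
					// for whatever later splits this value.
					$gbMeta = $header_c."#".$email."#".$pengirim."#".$website."#".$idcontent;
					$sql = "INSERT INTO tbl_content VALUES(NULL,'"
						.mysql_real_escape_string($judul)."','"
						.mysql_real_escape_string($gbMeta)."','"
						.mysql_real_escape_string($isi)."','"
						.mysql_real_escape_string($author)."','"
						.$tanggal."','"
						.mysql_real_escape_string($tipe)."','1')";
					$qry = mysql_query($sql);

					// Report success only if the insert ran; as in the delete
					// branch, a failed query leaves the message empty.
					$_SESSION['sesi_ver'] = ($qry) ? 'OK' : '';

				} else {
					// Validation failed: list each problem under the heading.
					$_SESSION['sesi_ver'] = $DEV_ACTION_NOTIFICATION;
					foreach($result as $data) {
						$_SESSION['sesi_ver'] .= '<br />- '.$data;
					}
				}
				header("Location:../..".$request);
				die();
			case "edit" :
				if (!$gbLoggedIn) {
					// Not logged in: leave the stored entry untouched.
					break;
				}
				$kode = (isset($_POST['kode']) && is_scalar($_POST['kode'])) ? (int) $_POST['kode'] : 0;
				$result = $queryData->NotificationCheck($a,$b,$c);
				if (empty($result)) {
					$sql = "UPDATE tbl_content SET isi='".mysql_real_escape_string($isi)."', status='".(int) $status."' WHERE idx='".$kode."'";
					$qry = mysql_query($sql);
					$_SESSION['sesi_ver'] = $queryData->cekAksi($kode,'edit');
					$act = 'lihat';
				} else {
					$_SESSION['sesi_ver'] = $DEV_ACTION_NOTIFICATION;
					foreach($result as $data) {
						$_SESSION['sesi_ver'] .= '<br />- '.$data;
					}
					$act = 'edit&kode='.$kode;
				}
			break;
		}
	}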
		
	// Final redirect: logged-in users return to the module view, everyone
	// else goes to the site index.
	// NOTE(review): $act is only assigned in the "edit" branch of this file;
	// on other paths it presumably comes from an included file - confirm.
	$target = isset($_SESSION['sesi_login'])
		? '../../?show='.SHOW.'&showview='.SHOWVIEW.'&act='.$act.'&limitdown=0'
		: '../../index.php';
	header('Location:'.$target);
?>